[openssh] - Rebased to openssh5.6p1 - Added -z relro -z now to LDFLAGS
Jan F. Chadima
jfch2222 at fedoraproject.org
Fri Sep 3 14:00:18 UTC 2010
commit c6801b909efbd44d76078aa8bda4ba250cc938f9
Author: Jan F. Chadima <jfch at frigo.(none)>
Date: Thu Aug 12 07:41:58 2010 +0200
- Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
openssh-5.6p1-authorized-keys-command.patch | 74 ++++++++++----------
....4p1-redhat.patch => openssh-5.6p1-redhat.patch | 32 ++++----
openssh.spec | 10 ++-
3 files changed, 60 insertions(+), 56 deletions(-)
---
diff --git a/openssh-5.6p1-authorized-keys-command.patch b/openssh-5.6p1-authorized-keys-command.patch
index 4c9b5b1..3075f34 100644
--- a/openssh-5.6p1-authorized-keys-command.patch
+++ b/openssh-5.6p1-authorized-keys-command.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
---- openssh-5.6p1/auth2-pubkey.c.akc 2010-08-23 12:15:42.000000000 +0200
-+++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:15:42.000000000 +0200
+--- openssh-5.6p1/auth2-pubkey.c.akc 2010-09-03 15:24:51.000000000 +0200
++++ openssh-5.6p1/auth2-pubkey.c 2010-09-03 15:24:51.000000000 +0200
@@ -27,6 +27,7 @@
#include <sys/types.h>
@@ -241,8 +241,8 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
return 0;
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
---- openssh-5.6p1/configure.ac.akc 2010-08-23 12:15:42.000000000 +0200
-+++ openssh-5.6p1/configure.ac 2010-08-23 12:15:42.000000000 +0200
+--- openssh-5.6p1/configure.ac.akc 2010-09-03 15:24:51.000000000 +0200
++++ openssh-5.6p1/configure.ac 2010-09-03 15:24:51.000000000 +0200
@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit,
esac ]
)
@@ -271,8 +271,8 @@ diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
---- openssh-5.6p1/servconf.c.akc 2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/servconf.c 2010-08-23 12:22:22.000000000 +0200
+--- openssh-5.6p1/servconf.c.akc 2010-09-03 15:24:50.000000000 +0200
++++ openssh-5.6p1/servconf.c 2010-09-03 15:24:51.000000000 +0200
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
@@ -344,8 +344,8 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
---- openssh-5.6p1/servconf.h.akc 2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/servconf.h 2010-08-23 12:17:58.000000000 +0200
+--- openssh-5.6p1/servconf.h.akc 2010-09-03 15:24:50.000000000 +0200
++++ openssh-5.6p1/servconf.h 2010-09-03 15:24:51.000000000 +0200
@@ -158,6 +158,8 @@ typedef struct {
char *revoked_keys_file;
char *trusted_user_ca_keys;
@@ -356,45 +356,45 @@ diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
void initialize_server_options(ServerOptions *);
diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
---- openssh-5.6p1/sshd_config.0.akc 2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/sshd_config.0 2010-08-23 12:25:18.000000000 +0200
-@@ -374,7 +374,8 @@ DESCRIPTION
+--- openssh-5.6p1/sshd_config.0.akc 2010-09-03 15:24:50.000000000 +0200
++++ openssh-5.6p1/sshd_config.0 2010-09-03 15:27:26.000000000 +0200
+@@ -71,6 +71,23 @@ DESCRIPTION
- Only a subset of keywords may be used on the lines following a
- Match keyword. Available keywords are AllowAgentForwarding,
-- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile,
-+ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand,
-+ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile,
- Banner, ChrootDirectory, ForceCommand, GatewayPorts,
- GSSAPIAuthentication, HostbasedAuthentication,
- HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
-@@ -496,6 +497,23 @@ DESCRIPTION
- this file is not readable, then public key authentication will be
- refused for all users.
+ See PATTERNS in ssh_config(5) for more information on patterns.
+ AuthorizedKeysCommand
+
+ Specifies a program to be used for lookup of the user's
-+ public keys. The program will be invoked with its first
-+ argument the name of the user being authorized, and should produce
-+ on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS
-+ in sshd(8)). By default (or when set to the empty string) there is no
-+ AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully
-+ authorize the user, authorization falls through to the
-+ AuthorizedKeysFile. Note that this option has an effect
-+ only with PubkeyAuthentication turned on.
++ public keys. The program will be invoked with its first
++ argument the name of the user being authorized, and should produce
++ on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS
++ in sshd(8)). By default (or when set to the empty string) there is no
++ AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully
++ authorize the user, authorization falls through to the
++ AuthorizedKeysFile. Note that this option has an effect
++ only with PubkeyAuthentication turned on.
+
+ AuthorizedKeysCommandRunAs
+ Specifies the user under whose account the AuthorizedKeysCommand is run.
+ Empty string (the default value) means the user being authorized
+ is used.
+
- RhostsRSAAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication to-
- gether with successful RSA host authentication is allowed. The
+ AuthorizedKeysFile
+ Specifies the file that contains the public keys that can be used
+ for user authentication. The format is described in the
+@@ -375,7 +392,8 @@ DESCRIPTION
+
+ Only a subset of keywords may be used on the lines following a
+ Match keyword. Available keywords are AllowAgentForwarding,
+- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile,
++ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand,
++ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile,
+ Banner, ChrootDirectory, ForceCommand, GatewayPorts,
+ GSSAPIAuthentication, HostbasedAuthentication,
+ HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
---- openssh-5.6p1/sshd_config.5.akc 2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/sshd_config.5 2010-08-23 12:25:46.000000000 +0200
+--- openssh-5.6p1/sshd_config.5.akc 2010-09-03 15:24:50.000000000 +0200
++++ openssh-5.6p1/sshd_config.5 2010-09-03 15:24:51.000000000 +0200
@@ -654,6 +654,8 @@ Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
@@ -434,8 +434,8 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config
---- openssh-5.6p1/sshd_config.akc 2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/sshd_config 2010-08-23 12:15:42.000000000 +0200
+--- openssh-5.6p1/sshd_config.akc 2010-09-03 15:24:50.000000000 +0200
++++ openssh-5.6p1/sshd_config 2010-09-03 15:24:51.000000000 +0200
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
#RSAAuthentication yes
#PubkeyAuthentication yes
diff --git a/openssh-5.4p1-redhat.patch b/openssh-5.6p1-redhat.patch
similarity index 75%
rename from openssh-5.4p1-redhat.patch
rename to openssh-5.6p1-redhat.patch
index bd2ad80..f4560a9 100644
--- a/openssh-5.4p1-redhat.patch
+++ b/openssh-5.6p1-redhat.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
---- openssh-5.4p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100
-+++ openssh-5.4p1/ssh_config 2010-03-01 15:15:51.000000000 +0100
+diff -up openssh-5.6p1/ssh_config.redhat openssh-5.6p1/ssh_config
+--- openssh-5.6p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100
++++ openssh-5.6p1/ssh_config 2010-09-03 15:21:17.000000000 +0200
@@ -45,3 +45,14 @@
# PermitLocalCommand no
# VisualHostKey no
@@ -16,26 +16,26 @@ diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+ SendEnv XMODIFIERS
-diff -up openssh-5.4p1/sshd_config.0.redhat openssh-5.4p1/sshd_config.0
---- openssh-5.4p1/sshd_config.0.redhat 2010-03-01 14:30:04.000000000 +0100
-+++ openssh-5.4p1/sshd_config.0 2010-03-01 15:14:13.000000000 +0100
-@@ -501,9 +501,9 @@ DESCRIPTION
+diff -up openssh-5.6p1/sshd_config.0.redhat openssh-5.6p1/sshd_config.0
+--- openssh-5.6p1/sshd_config.0.redhat 2010-08-23 05:24:16.000000000 +0200
++++ openssh-5.6p1/sshd_config.0 2010-09-03 15:23:20.000000000 +0200
+@@ -537,9 +537,9 @@ DESCRIPTION
SyslogFacility
Gives the facility code that is used when logging messages from
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
-- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
-- fault is AUTH.
+- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
+- default is AUTH.
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages
-diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
---- openssh-5.4p1/sshd_config.5.redhat 2010-02-26 21:55:06.000000000 +0100
-+++ openssh-5.4p1/sshd_config.5 2010-03-01 15:14:14.000000000 +0100
-@@ -865,7 +865,7 @@ Note that this option applies to protoco
+diff -up openssh-5.6p1/sshd_config.5.redhat openssh-5.6p1/sshd_config.5
+--- openssh-5.6p1/sshd_config.5.redhat 2010-07-02 05:37:17.000000000 +0200
++++ openssh-5.6p1/sshd_config.5 2010-09-03 15:21:17.000000000 +0200
+@@ -919,7 +919,7 @@ Note that this option applies to protoco
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
@@ -44,9 +44,9 @@ diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
-diff -up openssh-5.4p1/sshd_config.redhat openssh-5.4p1/sshd_config
---- openssh-5.4p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200
-+++ openssh-5.4p1/sshd_config 2010-03-01 15:14:14.000000000 +0100
+diff -up openssh-5.6p1/sshd_config.redhat openssh-5.6p1/sshd_config
+--- openssh-5.6p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200
++++ openssh-5.6p1/sshd_config 2010-09-03 15:21:17.000000000 +0200
@@ -31,6 +31,7 @@
# Logging
# obsoletes QuietMode and FascistLogging
diff --git a/openssh.spec b/openssh.spec
index 92d712b..68f38aa 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.6p1
-%define openssh_rel 1
+%define openssh_rel 2
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 27
@@ -93,7 +93,7 @@ Source3: sshd.init
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
Source5: pam_ssh_agent-rmheaders
-Patch0: openssh-5.4p1-redhat.patch
+Patch0: openssh-5.6p1-redhat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
Patch4: openssh-5.2p1-vendor.patch
Patch10: pam_ssh_agent_auth-0.9-build.patch
@@ -317,7 +317,7 @@ CFLAGS="$CFLAGS -fpic"
%endif
export CFLAGS
SAVE_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
+LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
%endif
%if %{kerberos5}
if test -r /etc/profile.d/krb5-devel.sh ; then
@@ -579,6 +579,10 @@ fi
%endif
%changelog
+* Fri Sep 3 2010 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-1 + 0.9.2-27
+- Rebased to openssh5.6p1
+- Added -z relro -z now to LDFLAGS
+
* Wed Jul 7 2010 Jan F. Chadima <jchadima at redhat.com> - 5.5p1-18 + 0.9.2-26
- merged with newer bugzilla's version of authorized keys command patch
More information about the scm-commits
mailing list